KcBrewRon

Reputation: 51

Spring Security Authenticates and immediately returns Access Denied

This text is directly from my console logger when running this locally. The second line immediately follows the first. I'm not sure what is happening behind the scenes that is providing the access denied exception.

2014-01-30 07:48:14.854  INFO 5452 --- [nio-8085-exec-3] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=Thu Jan 30 07:48:14 CST 2014, principal=r2n, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 2C7EC273522BB6880EE3410201F8A41F}]

2014-01-30 07:48:14.859  INFO 5452 --- [nio-8085-exec-4] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=Thu Jan 30 07:48:14 CST 2014, principal=r2n, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]

My code is compiled using Spring Boot version 1.0.0.RC1, Spring Security 3.1.0.Release and Thymeleaf for Spring 2.1.1.Release. I know there are some conflicts with the underlying Spring dependencies and Thymeleaf for Spring 3, as Spring Boot uses Spring 4.

I don't think my issues lie there.

Here's the code from WebSecurityConfiguration extending WebSecurityConfigurerAdapter. My authentication is using LDAP.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/error").anonymous()
            .antMatchers("/navigation").anonymous()
            .antMatchers("/**").hasRole("ADMIN") // #4
            .and()
        .formLogin()
            .permitAll()
            .defaultSuccessUrl("/")
            .and()
        .csrf().disable();
}

Upvotes: 4

Views: 4447

Answers (1)

Dave Syer

Reputation: 58114

Your "r2n" user appears not to have "ADMIN" authorities. Maybe you set him up with "ROLE_ADMIN" and the access rule is "ADMIN" or something?

P.S. I think you mean Spring Security 3.2.0.RELEASE (the Javaconfig isn't in 3.1).

Upvotes: 2
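
To check what the user was actually granted, here is an added example (not code from the question or the answer): a listener that logs the exact authority strings attached to the principal at login and warns when the one the `/**` rule needs is absent. The class name and the sample user in `main` are assumptions; `hasRole("ADMIN")` in the Java config is evaluated against the authority `ROLE_ADMIN`.

```java
import java.util.Set;
import java.util.TreeSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.stereotype.Component;

// Added diagnostic (hypothetical class name): logs what a user was granted at login.
@Component
public class GrantedAuthorityLogger implements ApplicationListener<AuthenticationSuccessEvent> {

    private static final Logger log = LoggerFactory.getLogger(GrantedAuthorityLogger.class);

    // hasRole("ADMIN") in the Java config is evaluated as the authority "ROLE_ADMIN".
    static final String REQUIRED_AUTHORITY = "ROLE_ADMIN";

    // Exact, case-sensitive authority strings held by the authenticated principal.
    static Set<String> authoritiesOf(Authentication auth) {
        Set<String> names = new TreeSet<String>();
        for (GrantedAuthority granted : auth.getAuthorities()) {
            names.add(granted.getAuthority());
        }
        return names;
    }

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        Authentication auth = event.getAuthentication();
        Set<String> granted = authoritiesOf(auth);
        log.info("login ok: principal={} authorities={}", auth.getName(), granted);
        if (!granted.contains(REQUIRED_AUTHORITY)) {
            log.warn("principal={} lacks {}; requests that fall through to the /** rule will be denied",
                    auth.getName(), REQUIRED_AUTHORITY);
        }
    }

    // Constructed sample: a user whose directory group maps to ROLE_ADMINS, not ROLE_ADMIN.
    public static void main(String[] args) {
        Authentication sample = new UsernamePasswordAuthenticationToken(
                "r2n", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMINS"));
        new GrantedAuthorityLogger().onApplicationEvent(new AuthenticationSuccessEvent(sample));
    }
}
```

If the logged set shows a name that differs from `ROLE_ADMIN` only in case, plural or prefix, either the access rule or the authority mapping has to change so the two strings match exactly.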
